4. VIRTUAL FORWARDER INTERFACE (VFI)
4.2. Initial Configuration of Primary Link
4.2.4. Primary Link GMAC
Since the Elfiq Link Balancer operates at the data link layer of the OSI model (layer 2), it needs to know the Ethernet MAC addresses of the external devices it communicates with. Every WAN connection linked to a VFI is represented in the Link LB by a gateway MAC address (or GMAC) entry.
In basic scenarios, a configuration has one GMAC per link.
ISP A’s router
Figure 12: Display of 2 GMACs where a VFI balances 2 ISPs
In other scenarios, multiple GMACs can point to the same router. A typical example is if you have an MPLS router handling both Internet and private traffic, having two GMACs allow different polling mechanisms for both types of traffic.
A GMAC entry represents every aspect of the connected link. This includes:
Small description: Identify the link associated with the GMAC
MAC address of the router: Used to identify the router associated with a given ISP. This tells the Link LB that this MAC address is a valid source from which it can receive packets and to which it can send packets. The MAC address is an important key and must be unique to a GMAC. We usually let the Elfiq LB automatically find the
associated MAC address but it can also be entered as a parameter. Advanced scenarios can have a parent GMAC (to support same MAC address for two GMACs), a channel GMAC (for inter-VFI communication) and shadow GMAC (replicated GMAC information from a remote site through a Geolink communication between two Link LBs). Refer to advanced sections for more information on those concepts.
IP address of the router: This IP address, in conjunction with the MAC address of the router, is used to
automatically add a static entry for the router in the ARP table of the Link LB. The addition of this table entry is the key in allowing the Link LB to exchange data between that ISP and your internal network. The IP address, along with the subnet mask is used by the Link LB to tie IP traffic flows with their destination MAC address.
Without it, the Link LB would not be able to know which GMAC it should send packets to. If you have more than one IP address range provided by your ISP, the Link LB should know about those networks too. They can be configured separately by associating additional GMAC networks using the
gmac net
command. Maximum bandwidth for incoming and outgoing traffic: Depending on the chosen balancing algorithm, the bandwidth (speed) of your link can serve as a determining factor in the redirection of the traffic flow. This value is also used during the statistic analysis of the links. Therefore, it’s important to enter the appropriate value. The bandwidth must be entered in kilobits per seconds, and not in kilobytes. If you are unsure about this value, please be sure to contact your Internet or private link service provider. They will be able to provide you the correct information.
Layer 2 encapsulation delta (or adjustment): This value has been used to adjust the frame size delta between different network technologies, It is now deprecated, simply put zero as value in this field.
Weight: Used during the priority selection of the link for balancing protocols. Specify the weight of the link with a value between 1 and 65535. Links with the lowest numerical value have the highest priority.
Examples:
Weights of equal value: No link is prioritized
Weights of 1 and 2: Link with a weight of 1 is favoured
Weights of 1, 1, 2 and 100: Links with a weight of 1 are the most favored, link with a weight of 2 is next, and link with a weight of 100 is last in the selection.
TCP polling addresses and ports: Used to test the status of the GMAC, as well as calculate the Round Trip Time (RTT). Polling destinations can either be addresses configured directly in the GMAC or groups of addresses. Up to 8 different addresses per polling destination group can be configured to more accurately determine the link’s condition. The same group can be used for many GMACs at once. Any given GMAC can use only one group at a time. The maximum number of groups per VFI depends on the Link LB model. Should one host stop responding while others still do, then the problem can be attributed to that host instead of the link. A packet is sent to specified hosts in round-robin every 3 seconds and the difference in time between the time the packet was sent and the time the response was received is calculated.
gmac [id] [auto|mac address|chn:id|gmac:id] [description] [ip
address]/[netmask-bits]|[dhcp:id|pppox:id] [weight] [speed (kb/s) in]
[speed (kb/s) out] [layer 2 adj] [[polldestgrp:id]|[poll ip address]:[tcp
port],[poll ip address2]:[tcp port2]] [% threshold in]/[% threshold out]
Threshold percentages for incoming and outgoing traffic: Used to limit the amount traffic on the link to the specified percentage in a best effort manner. This is especially useful to control link traffic in cases where the monthly price of the link depends on the bandwidth usage. Example: If you have a T1 with a fixed price for a monthly usage of 1 Mbps, but for which the price will increase if your average use was above this rate; you can set the threshold for this link at 66%. This will make the Link LB limit the use of this link to 66% of the capacity of your T1, which is about 1Mbps. Threshold are also useful in algorithms to use specific links after the threshold is met on some other links.
You are now able to add the primary link GMAC entry that Elfiq Link Balancer will manage with the gmac command, which has the following syntax:
gmac [id] [auto|mac address|chn:id|gmac:id] [description] [ip address]/[netmask-bits]|[dhcp:id|pppox:id] [weight] [speed (kb/s) in]
[speed (kb/s) out] [layer 2 adj] [poll ip address]:[tcp port],[poll ip address2]:[tcp port2] [% threshold in]/[% threshold out]
Let’s take a look at how we would configure the primary link on the Link LB, assuming we have a T1 link and want a threshold of 1 Mbps:
LinkLB-enable:vfi0 [single] # gmac 1 auto Primary_Link_T1 194.204.1.1/25 1 1544 1544 0 0.0.0.0:0,0.0.0.0:0 66/66 NOTE: When you specify the AUTO parameter, the Link LB will discover the MAC address of the link router automatically and update it in case the router NIC card is replaced.
NOTE: If the first TCP destination probe is 0.0.0.0:0, the TCP polling will be disabled so the GMAC will always be up and RTT values will remain at zero.
NOTE: Another way to restrict link traffic is to create a QoS queue for the GMAC and activate the QoS module.
WARNING: The TCP polling addresses and ports must be adjusted in your configuration for dependable destinations.
By default, the GMAC is assigned to the first outside interface of the VFI with the attach out command and used in pass-through mode. In the current example, it is not strictly required to specify to which outside interface the GMAC is connected. However, it is considered best practice to always configure the interface in the gmac configuration, use the gmac dev command for this purpose:
gmac dev [mac address|id] [interface]
gmac dev 1 eth2
By default, the Elfiq Link LB will dynamically choose the first source IP address it detects for the TCP polling and verifying link status. It is best practice (and mandatory on alternate links) to always specify for every GMAC which source IP to use with the gmac tcpprobe command:
gmac tcpprobe [mac address|chn:id|id] [dynamic] | [ip address]
gmac tcpprobe 1 194.204.1.3
Once this has been done, you can validate the information you have entered by issuing the
sh gmac
command. This will display all the information on your currently configured GMAC entry for your current VFI.LinkLB-enable:vfi0 [single] # sh gmac
Name[Gmac1] Type[local] Mac Address[auto] Description[Primary_Link_T1]
Mode[mono (eth2)] IP Address[194.204.1.1] Netmask[255.255.255.128 or /25]
Mtu[1500] Status[enabled, incomplete] Message[searching for mac address]
Probe src IP[194.204.1.3] Probe src type[static]
Usage In (kb/s)[0.000] Usage Out (kb/s)[0.000]
NOTE: The Ethernet MAC address of the router that is associated with a GMAC will always be the “main identity” that will be used to identify a GMAC. Therefore, all other commands associated with GMAC entries will always require the MAC address or GMAC ID to be entered, in order to make the right association with the proper GMAC entry.
NOTE: At this point, it is normal that the primary link gmac does not display the MAC address and the status being incomplete. This is because it is not connected and the Link LB is searching for the GMAC MAC address.